Registering the AppScan Source Database with an AppScan Enterprise Server that is enabled for Common Access Card (CAC) authentication
If your AppScan® Enterprise Server is enabled for Common Access Card (CAC) authentication, complete all server settings in the utilities that are described in this help topic.
AppScan Source includes two utilities that allow you to register the database with an AppScan Enterprise Server that is enabled for CAC authentication. To be able to use the utilities, complete these steps:
- Locate the <install_dir>\appscanserverdbmgr_cac directory (where <install_dir> is the location of your AppScan Source installation).
- Copy the contents of <install_dir>\appscanserverdbmgr_cac\bin to <install_dir>\bin.
- Copy the contents of <install_dir>\appscanserverdbmgr_cac\lib to <install_dir>\lib.
- At a command prompt, change directory to <install_dir>\bin and then
invoke one of the utilities:
- If you are using a SHA-2 client certificate and want to enforce Federal Information Processing
Standard (FIPS) mode, invoke appscanserverdbmgr_cac_fips.bat with a
-client_cert_auth
argument. For example, change directory to C:\Program Files (x86)\IBM\AppScanSource\bin and issue this command:appscanserverdbmgr_cac_fips.bat -client_cert_auth
- For all other scenarios, invoke appscanserverdbmgr_cac.bat with a
-client_cert_auth
argument. For example, change directory to C:\Program Files (x86)\IBM\AppScanSource\bin and issue this command:appscanserverdbmgr_cac.bat -client_cert_auth
- If you are using a SHA-2 client certificate and want to enforce Federal Information Processing
Standard (FIPS) mode, invoke appscanserverdbmgr_cac_fips.bat with a
The tool can be launched with these additional parameters:
Parameter | Description | IBM® Security AppScan Enterprise Server Database Configuration graphical user interface equivalent |
---|---|---|
None | Launches a graphical user interface that allows you to enter and validate your AppScan Enterprise Server and AppScan Source Database configuration information, as described below. | |
-s |
URL for your AppScan Enterprise
Server instance. For example, https://localhost:9443/ase/ . |
Server URL |
-u |
Select the administrator CAC Common Name from the list. |
Product Administrator |
-forceTLSv12 |
Specify true with this setting only if
your AppScan Enterprise
Server is enabled for NIST 800-131a compliance (failing to do this will cause server connections to
fail). If your AppScan Enterprise
Server is not enabled for NIST 800-131a compliance, specify false with this
setting. |
Force TLSv1.2 |
-dbClient |
Specify 1 if your AppScan Source
Database is solidDB®. Specify 2 if it is Oracle. |
IBM SolidDB or Oracle |
-dbConnString |
Database connection string (for example,
"Driver={IBM solidDB 7.0 32-bit - (ANSI)}" ).If you are running an Oracle database, you can specify a TNS alias, if you have configured the server according to Oracle TNS Alias configuration. |
Connection String |
-dbConnInfo |
Database connection information (for example,
"tcp myhostname.mydomain.com 2315" ).Note: If localhost is
specified rather than a fully-qualified host name, only the user of the local machine will be able
to connect to the database. |
Connection Info |
-dbUserid |
User ID for your database user account. | Database User ID |
-dbPassword |
Password for your database user account user ID. | Password |
If you are using the graphical user interface, click Validate Connection after completing all entries in the AppScan Enterprise Server section. Once the entries have been validated, complete the entries in the AppScan Source Database section and click Validate Connection. When the database entries are validated, click Apply changes to register the database with the server.
If your AppScan Enterprise Server is enabled for CAC authentication, you will be prompted by a Windows Security dialog box for your CAC card pin when you click Apply changes or Validate Connection in the AppScan Enterprise Server section.